Participants
Joel Mariadasan (jomariad)
Joel Mariadasan (jomariad)
Tom Lane
Tom Lane
Attachments
Show all attachments
Thread Outline
#1Joel Mariadasan (jomariad)Joel Mariadasan (jomariad)
Mar 23, 2020
#2Tom LaneTom Laneto Joel Mariadasan (jomariad) (#1)
Mar 23, 2020
#3Joel Mariadasan (jomariad)Joel Mariadasan (jomariad)to Tom Lane (#2)
Mar 23, 2020
#4Tom LaneTom Laneto Joel Mariadasan (jomariad) (#3)
Mar 23, 2020

ASLR support for Postgres12

Started by Joel Mariadasan (jomariad)about 6 years ago4 messageshackers
Jump to latest
#1Joel Mariadasan (jomariad)
Joel Mariadasan (jomariad)
jomariad@cisco.com

Hi All,

We found that Postgres12 doesn't support ASLR. Attached the process explorer screenshot (Process_Explorer_ASLR.png).

Analyzing dumpbin headers of postgres looks like the /HIGHENTROPYVA flag set and not the /DYNAMICBASE flag(dumpbin_headers.txt). According to this link<https://github.com/MicrosoftDocs/cpp-docs/issues/282&gt;, resulting image will not have ASLR enabled.

Windows has a feature to force randomization of images (Mandatory ASLR for those images which have not been compiled with /DYNAMICBASE).
Enabling this also didn't have any effect.

The base addresses of postgres in Process Explorer doesn't change upon restart (Postgres_Imagebase.png).

We would like to know if there is a roadmap to enable ASLR support for postgre.

Let us know if you need more information.

Regards,
Joel

Attachments:

Process_Explorer_ASLR.pngimage/png; name=Process_Explorer_ASLR.pngDownload+2-1
Mandatory_ASLR.pngimage/png; name=Mandatory_ASLR.pngDownload+3-5
dumpbin_headers.txttext/plain; name=dumpbin_headers.txtDownload
Postgres_Imagebase.pngimage/png; name=Postgres_Imagebase.pngDownload+7-2
Import Notes
Reply to msg id not found: BN6PR11MB4178ABE5842C214BE4928C68D7F00@BN6PR11MB4178.namprd11.prod.outlook.comReference msg id not found: BN6PR11MB4178C9A08F38A73865224D8FD7F00@BN6PR11MB4178.namprd11.prod.outlook.comReference msg id not found: BN6PR11MB4178ABE5842C214BE4928C68D7F00@BN6PR11MB4178.namprd11.prod.outlook.com
#2Tom Lane
Tom Lane
tgl@sss.pgh.pa.us
In reply to: Joel Mariadasan (jomariad) (#1)
Re: ASLR support for Postgres12

"Joel Mariadasan (jomariad)" <jomariad@cisco.com> writes:

We would like to know if there is a roadmap to enable ASLR support for postgre.

Not on Windows --- since that OS doesn't support fork(), it's too
difficult to get different child processes to map shared memory
at the same address if ASLR is active.

If that feature is important to you, use a different operating
system.

regards, tom lane

#3Joel Mariadasan (jomariad)
Joel Mariadasan (jomariad)
jomariad@cisco.com
In reply to: Tom Lane (#2)
RE: ASLR support for Postgres12

Thanks Tom for the quick Update.

Can you please point me to a link or give the list of OSes where ASLR is officially supported by Postgres?

Regards,
Joel

-----Original Message-----
From: Tom Lane <tgl@sss.pgh.pa.us>
Sent: Monday, March 23, 2020 8:16 PM
To: Joel Mariadasan (jomariad) <jomariad@cisco.com>
Cc: pgsql-hackers@postgresql.org
Subject: Re: ASLR support for Postgres12

"Joel Mariadasan (jomariad)" <jomariad@cisco.com> writes:

We would like to know if there is a roadmap to enable ASLR support for postgre.

Not on Windows --- since that OS doesn't support fork(), it's too difficult to get different child processes to map shared memory at the same address if ASLR is active.

If that feature is important to you, use a different operating system.

regards, tom lane

#4Tom Lane
Tom Lane
tgl@sss.pgh.pa.us
In reply to: Joel Mariadasan (jomariad) (#3)
Re: ASLR support for Postgres12

"Joel Mariadasan (jomariad)" <jomariad@cisco.com> writes:

Can you please point me to a link or give the list of OSes where ASLR is officially supported by Postgres?

Everything except Windows.

regards, tom lane

← Back to Topics